
<html>
<head>
<title>Attempt to pass a remote iframe's document through xsltProcessor's transformToDocument.</title>
<script type="text/javascript" src="/shared/scripts/testcase.js"></script>
<script type="text/javascript" src="/shared/scripts/utils.js"></script>
<script type="text/javascript">
// Run f() once the page has fired its load event, using whichever
// registration mechanism this browser provides: the DOM standard listener,
// the legacy IE attachEvent, or a plain onload assignment as a last resort.
(function () {
	if (window.addEventListener) {
		window.addEventListener('load', f, false);
		return;
	}
	if (window.attachEvent) {
		window.attachEvent('onload', f);
		return;
	}
	window.onload = f;
})();

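/**
 * Same-origin policy check: tries to run the document of the cross-origin
 * iframe (#ifr) through XSLTProcessor.transformToDocument() and records the
 * outcome on a TestCase.
 *
 * Recorded as passed when XSLTProcessor is unavailable, when resolving or
 * transforming the foreign document throws, or when the transform yields
 * null/undefined. Recorded as failed when a document object comes back, or
 * when the test.xsl fixture cannot be loaded (the check never actually ran).
 */
function f() {
    var tc = new TestCase();
    tc.input = 'var new_doc = xsltProcessor.transformToDocument(cross_doc);';
    tc.description = 'Attempt to pass a remote iframe\'s document through xsltProcessor\'s transformToDocument';
    tc.expected_result = "undefined or unsupported or exception occurred";

    // Record a harness problem as a failed run. Without a usable stylesheet the
    // transform fails for reasons unrelated to origin checks, and that must not
    // be reported as the browser having blocked cross-origin access.
    function recordSetupFailure(detail) {
        tc.output = 'Could not load test.xsl: ' + detail;
        tc.result = 'test setup failed';
        tc.test_passed = 'false';
        tc.saveTest();
    }

    var xsltProcessor;
    try {
        // Pre-load the "unsupported" verdict; if the constructor throws, the
        // catch below only replaces the output text and keeps this verdict.
        tc.output = 'XSLTProcessor is undefined.';
        tc.result = 'unsupported';
        tc.test_passed = 'true';
        xsltProcessor = new XSLTProcessor();
        if (xsltProcessor == undefined) {
            tc.saveTest();
            return;
        }
    } catch (e) {
        tc.output = 'XSLTProcessor: ' + tc.outputException(e);
        tc.saveTest();
        return;
    }

    // Load the stylesheet fixture, test.xsl, with a synchronous request.
    var xslStylesheet;
    try {
        var request = new XMLHttpRequest();
        request.open("GET", "test.xsl", false);
        request.send(null);
        xslStylesheet = request.responseXML;
    } catch (e) {
        recordSetupFailure(tc.outputException(e));
        return;
    }
    // responseXML is null when the response could not be parsed as XML.
    if (!xslStylesheet) {
        recordSetupFailure('response was not parsed as XML.');
        return;
    }
    try {
        xsltProcessor.importStylesheet(xslStylesheet);
    } catch (e) {
        recordSetupFailure(tc.outputException(e));
        return;
    }

    var cross_doc = document.getElementById('ifr');

    // Resolve the frame's document in its own step so that a denial here is
    // not attributed to transformToDocument in the recorded output.
    // NOTE(review): getOriginDocument comes from the shared harness scripts and
    // is not visible here; presumably it returns the frame's document - confirm.
    var foreign_doc;
    try {
        foreign_doc = tc.getOriginDocument(cross_doc);
    } catch (e) {
        tc.result = 'exception occurred';
        tc.output = 'Exception occurred in getOriginDocument: ' + tc.outputException(e);
        tc.test_passed = 'true';
        tc.saveTest();
        return;
    }

    try {
        // This really shouldn't work, but you never know.
        var new_doc = xsltProcessor.transformToDocument(foreign_doc);
        // Loose equality on purpose: treats a null result the same as undefined.
        if (new_doc == undefined) {
            tc.output = 'Document is undefined';
            tc.result = 'undefined';
            tc.test_passed = 'true';
            tc.saveTest();
            return;
        }
        // A document came back: the foreign content went through the transform.
        tc.output = 'New document is readable:' + new_doc;
        tc.result = 'Document accessible after transformToDocument.';
        tc.test_passed = 'false';
    } catch (e) {
        // NOTE(review): every exception counts as a pass, including one caused
        // by a null/undefined foreign_doc (e.g. the frame never loaded). Read
        // the recorded output to confirm the pass reflects an access denial.
        tc.result = 'exception occurred';
        tc.output = 'Exception occurred in transformToDocument: ' + tc.outputException(e);
        tc.test_passed = 'true';
    }
    tc.saveTest();
}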
</script> 
</head>
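<body>
<div id="out1">
</div>
<div id="example"></div>
<!--
  Cross-origin target for the test: f() looks this frame up by id="ifr" and
  tries to feed its document to XSLTProcessor.transformToDocument().
  NOTE(review): victim.com is presumably mapped to a lab-controlled host by the
  test environment (confirm). If the frame does not load, or loads from the
  same origin as this page, the recorded result says nothing about
  cross-origin isolation.
-->
<iframe name="cross_ifr" src='http://victim.com/forbidden.html' id='ifr' title="Cross-origin test target"></iframe>
</body>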
</html>